Cinder

NFS/RemoteFS should disallow creation of encrypted volumes

Bug #1675469 reported by Eric Harney
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Cinder
Fix Released
High
Eric Harney
Cinder pike-2

Bug Description

These drivers do not support volume encryption. We should not allow encrypted volumes to be created with these drivers, as this leads to dangerous and unexpected behavior.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (master)

Fix proposed to branch: master
Review: https://review.openstack.org/449205

Changed in cinder:
assignee: nobody → Eric Harney (eharney)
status: New → In Progress
Eric Harney (eharney)
Changed in cinder:
importance: Undecided → High
Eric Harney (eharney)
Changed in cinder:
milestone: none → pike-2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (master)

Reviewed: https://review.openstack.org/449205
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=e626f54f8b9793a06be2f2b0a49b2dbbff4ecdd3
Submitter: Jenkins
Branch: master

commit e626f54f8b9793a06be2f2b0a49b2dbbff4ecdd3
Author: Eric Harney <email address hidden>
Date: Thu Mar 23 12:07:54 2017 -0400

    RemoteFS: prevent creation of encrypted volumes

    Support for volume encryption of FS-based volumes is not
    currently implemented in Nova. Creating encrypted volumes
    with these drivers can result in dangerous and undesired
    behavior. Block creation of encrypted volumes for these
    drivers until this is supported.

    This adds a per-driver switch which can be used to enable
    this for individual RemoteFS drivers as they are tested.

    Closes-Bug: #1675469

    Change-Id: I39d4230106c891e1b480989daaf72bea5a64e4b3

Changed in cinder:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/466076

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (stable/ocata)

Reviewed: https://review.openstack.org/466076
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=689d7468513df4b5c7d032314fdf1d4e3e8f6ebc
Submitter: Jenkins
Branch: stable/ocata

commit 689d7468513df4b5c7d032314fdf1d4e3e8f6ebc
Author: Eric Harney <email address hidden>
Date: Thu Mar 23 12:07:54 2017 -0400

    RemoteFS: prevent creation of encrypted volumes

    Support for volume encryption of FS-based volumes is not
    currently implemented in Nova. Creating encrypted volumes
    with these drivers can result in dangerous and undesired
    behavior. Block creation of encrypted volumes for these
    drivers until this is supported.

    This adds a per-driver switch which can be used to enable
    this for individual RemoteFS drivers as they are tested.

    Closes-Bug: #1675469

    Change-Id: I39d4230106c891e1b480989daaf72bea5a64e4b3
    (cherry picked from commit e626f54f8b9793a06be2f2b0a49b2dbbff4ecdd3)

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 11.0.0.0b2

This issue was fixed in the openstack/cinder 11.0.0.0b2 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/cinder 10.0.3

This issue was fixed in the openstack/cinder 10.0.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to cinder (driverfixes/newton)

Fix proposed to branch: driverfixes/newton
Review: https://review.openstack.org/514434

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to cinder (driverfixes/newton)

Reviewed: https://review.openstack.org/514434
Committed: https://git.openstack.org/cgit/openstack/cinder/commit/?id=725629a2dc168fe7db7cc1efe6637734108f3d3b
Submitter: Zuul
Branch: driverfixes/newton

commit 725629a2dc168fe7db7cc1efe6637734108f3d3b
Author: Eric Harney <email address hidden>
Date: Thu Mar 23 12:07:54 2017 -0400

    RemoteFS: prevent creation of encrypted volumes

    Support for volume encryption of FS-based volumes is not
    currently implemented in Nova. Creating encrypted volumes
    with these drivers can result in dangerous and undesired
    behavior. Block creation of encrypted volumes for these
    drivers until this is supported.

    This adds a per-driver switch which can be used to enable
    this for individual RemoteFS drivers as they are tested.

    Closes-Bug: #1675469

    Change-Id: I39d4230106c891e1b480989daaf72bea5a64e4b3
    (cherry picked from commit e626f54f8b9793a06be2f2b0a49b2dbbff4ecdd3)
    (cherry picked from commit 689d7468513df4b5c7d032314fdf1d4e3e8f6ebc)
    Conflicts:
     cinder/volume/drivers/remotefs.py

tags: added: in-driverfixes-newton
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.